Every January, we get a lot of valuable insights by looking back at our most popular blog posts in the previous year, and 2018 was no exception. The posts that resonated the most last year paint a clear picture of topics most important to the security and development communities – from open source risk, to using AppSec as a competitive differentiator, to security’s new role in a DevOps world. The... READ MORE›

The past year was a wild ride on many fronts, and it included some of the biggest data breaches we’ve seen in recent history. According to a report from Business Insider, some of the biggest victims in 2018 were T-Mobile, Quora, and Orbitz. Millions of people around the world were left vulnerable, as hackers accessed and stole their personal information – which in some cases included passport... READ MORE›

DevOps, with its focus on speed and incremental development, is changing the application security landscape. We’ve talked about this change a lot in the past couple years, and how security should fit into this picture. Now SANS is taking a look at how security actually is fitting into this DevOps picture in practice. In a recent survey, the sixth in a series of annual studies by SANS on security... READ MORE›

With January upon us, there’s undoubtedly a buzz in the air as security and development professionals eagerly plan out their 2019 strategies. You might be wondering what resolutions you can make that will help you navigate the New Year, and to take it a step further, what trends you should consider when crafting these resolutions. To help you get started, here are some suggestions from the... READ MORE›

Marriott has confirmed that the number of guests affected in the breach of Starwood’s guest reservation database is down from the originally estimated 500 million to “fewer than 383 million unique guests.” At this time, the hotel giant is unable to confirm an exact number of guests impacted.
According to the statement, approximately 5.25 million unique unencrypted passport numbers and 20.3... READ MORE›

When you make an investment in an application security program, you’re expecting to derive value from the initiative; in other words, you’re expecting to get some kind of return on your investment. After more than 10 years working with organizations to implement and build out application security programs, we have a pretty clear sense of what that value is. We find that the value derived from an... READ MORE›

Starting the New Year off with a bang, Hacker Giraffe and J3ws3r reportedly exploited a vulnerability in thousands of Google Chromecast streaming devices. The CastHack bug, allegedly disclosed nearly five years ago, enabled the hackers to remotely access thousands of the streaming devices, causing them to show a pop-up notice on connected TVs alerting users that their misconfigured router is... READ MORE›

Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and objects via a name. These objects can be stored in different naming or directory services, such as Remote Method Invocation (RMI), Common Object Request Broker Architecture (CORBA), Lightweight Directory Access Protocol (LDAP), or Domain Name Service (DNS).
In other words, JNDI is a... READ MORE›

With the slew of terms that exist in the world of application security, it can be difficult to keep them all straight. “Flaws,” “vulnerabilities,” and “exploits” are just a few that are likely on your radar, but what do they mean? If you’ve used these words interchangeably in the past, you’re not alone. They’re easy to confuse with one another, likely because there’s a relationship between all of... READ MORE›

According to a newly unsealed indictment, two Chinese nationals working with the Chinese Ministry of State Security have been charged with hacking a number of U.S. government agencies and corporations. The court filing indicates that Zhu Hua and Zhang Jianguo, members of Advanced Persistent Threat 10 (APT10), used phishing techniques in order to steal intellectual property, confidential business... READ MORE›
